[exim-announce] Exim 4.73 Release

Meesterlijk

Exim release 4.73 is now available from the primary ftp site:
* ftp://ftp.exim.org/pub/exim/exim4/exim-4.73.tar.gz
* ftp://ftp.exim.org/pub/exim/exim4/exim-4.73.tar.bz2
_________________________________________________________________

This is primarily a security and bug fix release. The changes
involved are:-

1. TWO MAJOR SECURITY FIXES:-
+ CVE-2010-4344 exim remote code execution flaw
+ CVE-2010-4345 exim privilege escalation
2. Improvements to OpenSSL support.
3. Convert to a more recent Clam/AV API.
4. Additional improvements to DKIM support
5. Remove reliance on C99 va_copy()

CVE-2010-4344 was actually resolved by a fix in release 4.70, but
not identified at the time as a security issue. Changes have been
made in release 4.73 to resolve CVE-2010-4345. We recommend that
users should migrate to 4.73 as soon as possible, however some
distributions are instead using older releases with specific
patches for these issues.

Due to packaging build issues no texinfo documentation files have
been produced - however they should be buildable from the
documentation source should you have the correct toolchain
available. The HTML documentation included is now built using the
same toolchain as the website documentation.
_________________________________________________________________

The primary ftp server is in Cambridge, England. There is a list of
mirrors in:
* http://www.exim.org/mirmon/ftp_mirrors.html

The master ftp server is now ftp.exim.org.

The distribution files are signed with Nigel Metheringham's GPG key
(address is [email protected], key id is DDC03262), which is available
on the ftp site and on a number of keyservers. The ASCII signature
files are in the same directory as the tarbundles. The SHA1 hashes
for the distribution files are:

The distribution contains an ASCII copy of the 4.73 manual and
other documents. Other formats of the documentation are also
available:-
* ftp://ftp.exim.org/pub/exim/exim4/exim-html-4.73.tar.gz
* ftp://ftp.exim.org/pub/exim/exim4/exim-pdf-4.73.tar.gz
* ftp://ftp.exim.org/pub/exim/exim4/exim-postscript-4.73.tar.gz

The .bz2 versions of these tarbundles are also available.

The ChangeLog for this, and several previous releases, is included
in the distribution. Individual change log files are also available
on the ftp site, the current one being:-
* ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.73
* ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.73.gz

Brief documentation for new features is available in the NewStuff
file in the distribution. Individual NewStuff files are also
available on the ftp site, the current one being:-
* ftp://ftp.exim.org/pub/exim/ChangeLogs/NewStuff-4.73
* ftp://ftp.exim.org/pub/exim/ChangeLogs/NewStuff-4.73.gz
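
One way to check a downloaded tarball against the two integrity mechanisms the announcement describes, a SHA1 list and a GPG signature. This is an added example, not part of the announcement or of Exim's own tooling; it assumes `sha1sum` or `shasum` is installed and that each signature file is named `<tarball>.asc`, which the page does not state.

```shell
#!/bin/sh
# Added example. Assumptions: sha1sum (GNU coreutils) or shasum is installed,
# and each signature file is named <tarball>.asc (the page does not name them).

# Print the lowercase SHA1 of a file.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then sha1sum "$1"
    else shasum -a 1 "$1"; fi | cut -d' ' -f1
}

# verify_sha1_list LIST DIR: check every "<sha1>  <filename>" line in LIST
# against DIR/<filename>. Returns 0 only if all listed files exist and match.
verify_sha1_list() {
    list=$1; dir=$2; status=0
    while read -r want name; do
        [ -n "$want" ] || continue                  # skip blank lines
        name=${name#\*}                             # sha1sum binary-mode marker
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        case $name in
            ''|*/*) echo "REJECTED  $name"; status=1; continue ;;  # no paths
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name"; status=1
        elif [ "$(sha1_of "$dir/$name")" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"; status=1
        fi
    done < "$list"
    return "$status"
}

# verify_signature FILE KEYID: succeed only if FILE.asc is a valid signature
# made by a key whose fingerprint ends in KEYID (e.g. DDC03262 from the page).
# An 8-digit key id is easy to collide; compare the full fingerprint obtained
# out of band when you have it.
verify_signature() {
    gpg --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null |
        awk -v id="$2" '$2 == "VALIDSIG" &&
            (toupper($3) ~ (toupper(id) "$") || toupper($NF) ~ (toupper(id) "$")) { ok = 1 }
            END { exit !ok }'
}
```

A SHA1 list fetched from the same server as the tarball only detects corruption in transit; the signature check is what ties the file to the release key.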
 
Anybody upgraded with Custombuild yet? If so, were there any problems?
 
I am running Exim 4.72 and Dovecot 1.2.16. Is it still not that simple? I was thinking I could just do ./build exim in custombuild, and that this would work without trouble?
 
You can try, but I suggest you wait for an updated exim.conf or make some changes yourself.
The app itself may also need to be compiled differently depending on your environment.

But on paper, it's a great release, lots of good new features (even if some patches may still have to be applied).
 
Hi interfasys,

Just to know, what kind of issues can happen with the "old" exim.conf?

Because the new exim-4.73 is on custombuild right now, I tested installing it on the test server and I didn't see any problem installing it, but of course something may have changed ...

Thanks in advance,
Alfredo
 
I've checked the changes and if you're using the standard config, it seems there aren't any issues as long as you're running a recent version of ClamAV and you let custombuild make the decisions for you.
 
It appears on examination of the SpamBlocker-powered exim.conf file version 4, that it should work without problem as long as you're using the minimum ClamAV version (ClamAV 0.95 or newer).

However I've not tested it. Someone please test it and let us know.

Jeff
 
I can confirm that it works. The only unknown for me as I'm not using CB is whether it's still possible to load other config files besides exim.conf.
 
Updated using custombuild. SMTP is working fine, but sending to non-local mail accounts using the php mail() function results in:

R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x000b

Is there any fix for this?
 
Were you able to fix it? Has anybody else who upgraded from Exim 4.72 to Exim 4.73 using custombuild experienced the same problem?
 
No, not yet. By the way, I upgraded from 4.69.

The temporary solution is a script which checks for locally sent mails in /var/spool/exim/ with PHP and pushes them out by force using 'exim -M'.

I can see some other threads on this subject and even a help page (the tip on that page, changing the /etc/exim.conf, didn't help). But it's unclear to me what the best thing to do is. Recompiling from scratch?

I'm a little scared of this since it is a production server with many daily business users.
 
Are there still problems upgrading via custombuild to this version?
I am on 4.72 and experiencing high CPU, and that should be solved in this version.
Also, some of my clients are relying on the php mail() function to work, and there is the hitch in this version, as I see above.....


****
Did the upgrade, worked like a charm. No problems so far.
****
 
I upgraded from 4.72 to 4.73 without any problems. Also, php mail() seems to work fine for me after the upgrade. I am running CentOS 5.5 64bit.
 
Have any of you guys tried to patch exim to activate DSN? Right now the patch is still for 4.72, and I don't understand where the files to patch to activate DSN are ...

Have any of you guys already tried to do this?

OK, the configuration file is in the main folder before compiling...

On 4.73 it is not working; now I'm trying on 4.72 (which is the version this patch was developed for).
 
Updated without problem, but didn't check the phpmail() function yet.

Does anyone have an easy phpmail script for test purposes?

Thanks
 